Add Lodestar (#463)

* Init Lodestar

* init validator

* lodestar

* Init Lodestar

* Bump version

* Update charts/lodestar-validator/README.md

Co-authored-by: Dmitri Tsumak <[email protected]>
Signed-off-by: antares-sw <[email protected]>

* Fix

* fix readme

---------

Signed-off-by: antares-sw <[email protected]>
Co-authored-by: Dmitri Tsumak <[email protected]>

charts/lodestar-validator/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/lodestar-validator/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: https://charts.stakewise.io/
+  version: 1.0.0
+digest: sha256:a52d823dcd535c64eafc9df56fe41455c602032e084b8adcaa34e536451d2ab2
+generated: "2023-04-03T10:46:51.136024+03:00"

charts/lodestar-validator/Chart.yaml

@@ -0,0 +1,29 @@
+apiVersion: v2
+name: lodestar-validator
+description: A Lodestar Validator Chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.2
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "v1.12.0"
+
+dependencies:
+- name: common
+  repository: https://charts.stakewise.io/
+  version: 1.x.x

charts/lodestar-validator/README.md

@@ -0,0 +1,40 @@
+# Lodestar Validator Setup
+
+This guide will walk you through creating a new Lodestar Validator, loading an existing keystore to it, and creating a Kubernetes secret to store your keystore securely.
+
+## Prerequisites
+
+* Lodestar Validator installed on your local machine or a remote server.
+* Kubernetes CLI (kubectl) installed and configured to access your cluster.
+* Access to a running Kubernetes cluster.
+
+## Creating secrets with keystores and password
+
+> When setting up a Lodestar Validator and creating a Kubernetes secret to store your keystores and passwords, it's important to name the secret files consistently. This is because the Lodestar Validator expects a specific naming pattern in order to find and use your keystore.
+>
+> The naming pattern for the Kubernetes secret should be `keystore-{index}`, index represents kubernetes replica, if `replicasCount=2` you must create two secrets `keystore-0` and `keystore-1`. This ensures that the Lodestar Validator can find the correct secret when it looks for your keystore.
+>
+> By following these naming conventions, you can ensure that your Lodestar Validator is set up correctly and ready to use.
+
+1. Create secrets with keystores and passswords. This will create a new secrets with keystore files and a password. If you have more then 100 keystores it's better to split it in multiple replicas, for this create multiple secrets with 100 keystores in each and load it to Kubernetes as secrets. You can do this with the following command:
+
+```javascript
+kubectl create secret generic keystore-0 --from-file=/path/to/my-wallet/keystores-0 --from-file=/path/to/my-wallet/keystore-0.txt
+kubectl create secret generic keystore-1 --from-file=/path/to/my-wallet/keystores-1 --from-file=/path/to/my-wallet/keystore-1.txt
+```
+
+> `/path/to/my-wallet/keystores-0` expect keystores with name `keystore*.json` and `/path/to/my-wallet/keystore-0.txt` plain txt with password for these keystores.
+
+This will create a new Kubernetes secrets named `keystore-0` and `keystore-1` that contains your keystore files and passwords.
+
+## Deploy Lodestar Validator
+
+```bash
+helm repo add stakewise https://charts.stakewise.io
+helm repo update
+helm upgrade --install lodestar-validator stakewise/lodestar-validator \
+  --namespace validators \
+  --create-namespace \
+  --set global.network="goerli" \
+  --set replicaCount=2
+```

charts/lodestar-validator/templates/prometheusrules.yaml

@@ -0,0 +1,23 @@
+{{- if and (or .Values.global.metrics.enabled .Values.metrics.enabled)
+           (or .Values.global.metrics.prometheusRule.enabled .Values.metrics.prometheusRule.enabled) }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  {{- if .Values.metrics.prometheusRule.namespace }}
+  namespace: {{ .Values.metrics.prometheusRule.namespace }}
+  {{- else }}
+  namespace: {{ .Release.Namespace | quote }}
+  {{- end }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.metrics.prometheusRule.additionalLabels }}
+    {{- toYaml .Values.metrics.prometheusRule.additionalLabels | nindent 4 }}
+    {{- end }}
+spec:
+  groups:
+  {{- with .Values.metrics.prometheusRule.rules }}
+    - name: {{ include "common.names.fullname" $ }}
+      rules: {{- tpl (toYaml .) $ | nindent 8 }}
+  {{- end }}
+{{- end }}

charts/lodestar-validator/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.metrics.port }}
+      targetPort: metrics
+      protocol: TCP
+      name: metrics
+  selector:
+    {{- include "common.labels.matchLabels" . | nindent 4 }}

charts/lodestar-validator/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if or .Values.global.serviceAccount.create .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "common.names.serviceAccountName" . }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/lodestar-validator/templates/servicemonitor.yaml

@@ -0,0 +1,42 @@
+{{- if and (or .Values.global.metrics.enabled .Values.metrics.enabled)
+    (or .Values.global.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.enabled) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  {{- if .Values.metrics.serviceMonitor.namespace }}
+  namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+  {{- else }}
+  namespace: {{ .Release.Namespace | quote }}
+  {{- end }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+    {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }}
+    {{- end }}
+spec:
+  endpoints:
+    - port: metrics
+      path: /metrics
+      {{- if .Values.metrics.serviceMonitor.interval }}
+      interval: {{ .Values.metrics.serviceMonitor.interval }}
+      {{- end }}
+      {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+      scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+      {{- end }}
+      {{- if .Values.metrics.serviceMonitor.honorLabels }}
+      honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+      {{- end }}
+      {{- if .Values.metrics.serviceMonitor.relabelings }}
+      relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }}
+      {{- end }}
+      {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+      metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
+      {{- end }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}

charts/lodestar-validator/templates/statefulset.yaml

@@ -0,0 +1,136 @@
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  labels:
+    {{- include "common.labels.statefulset" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  podManagementPolicy: "Parallel"
+  serviceName: {{ include "common.names.fullname" . }}
+  selector:
+    matchLabels:
+      {{- include "common.labels.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "common.labels.matchLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "common.names.serviceAccountName" . }}
+      {{- with .Values.securityContext }}
+      securityContext:
+        {{ toYaml . | nindent 8 | trim }}
+      {{- end }}
+      initContainers:
+      {{- if and .Values.persistence.enabled .Values.initChownData }}
+        - name: init-chown
+          image: "{{ .Values.initImage.registry }}/{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
+          imagePullPolicy: {{ .Values.initImage.pullPolicy }}
+          securityContext:
+            runAsNonRoot: false
+            runAsUser: 0
+          command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsUser }}", "/data"]
+          volumeMounts:
+            - name: data
+              mountPath: /data
+      {{- end }}
+        - name: import
+          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.initImage.pullPolicy }}
+          command:
+            - sh
+            - -c
+            - >
+              INDEX=$((${HOSTNAME##*-}));
+              node /usr/app/packages/cli/bin/lodestar validator import --dataDir=/data --importKeystores=/keystore-${INDEX} --importKeystoresPassword=/keystore-${INDEX}/keystore-${INDEX}.txt
+          volumeMounts:
+            - name: data
+              mountPath: /data
+          {{- range $i := until (int .Values.replicaCount) }}
+            - name: keystore-{{ . }}
+              mountPath: /keystore-{{ . }}
+              readOnly: true
+          {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command:
+            - sh
+            - -c
+            - >
+              node /usr/app/packages/cli/bin/lodestar
+              validator
+              --network={{ .Values.global.network }}
+              --dataDir=/data
+              --beaconNodes={{ .Values.global.beaconNodes }}
+              --metrics
+              --metrics.address={{ .Values.metrics.address }}
+              --metrics.port={{ .Values.metrics.port }}
+          {{- range .Values.extraFlags }}
+              {{ . }}
+          {{- end }}
+          ports:
+            - name: metrics
+              containerPort: {{ .Values.metrics.port }}
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: data
+              mountPath: /data
+          {{- range $i := until (int .Values.replicaCount) }}
+            - name: keystore-{{ . }}
+              mountPath: /keystore-{{ . }}
+              readOnly: true
+          {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+      {{- range $i := until (int .Values.replicaCount) }}
+        - name: keystore-{{ . }}
+          secret:
+        {{- if $.Values.global.keystoreSecretName }}
+            secretName: {{ $.Values.global.keystoreSecretName }}-{{ . }}
+        {{- else }}
+            secretName: keystore-{{ . }}
+        {{- end }}
+      {{- end }}
+  {{- if (not .Values.persistence.enabled) }}
+        - name: data
+          emptyDir: {}
+  {{- else }}
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+        labels:
+          {{- include "common.labels.statefulset" . | nindent 10 }}
+      {{- with .Values.persistence.annotations }}
+        annotations:
+          {{ toYaml . | nindent 10 | trim }}
+      {{- end }}
+      spec:
+        accessModes: {{ .Values.persistence.accessModes }}
+        storageClassName: {{ .Values.persistence.storageClassName }}
+        resources:
+          requests:
+            storage: {{ .Values.persistence.size | quote }}
+  {{- end }}